Privacy Policy




This policy statement provides information on the obligations and policies of Galderma, its subsidiaries, affiliates, and associated companies (the “Company”) in Malaysia. 

Our Corporate Privacy 

The Company shall endeavor to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Company shall be done in an appropriate manner for purposes of managing customer relations and to enable you to receive future offers. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in an appropriate time and manner. 

Statement of Practices 

Types of Personal Data Collected: For the purpose of carrying on the Company’s business, including registration and administration of the Company’s related products and services (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request: 

Your name; 

Correspondence address; 

Contact details, including contact name and telephone number or email address 

Company may employ other companies or individuals to assist us in providing our services, or to provide certain services such as analysing customer lists, providing marketing assistance or consulting services. These third parties may have access to information needed to perform their function but cannot use that information for other purposes. Some of the Company’s Websites may place a “cookie” on your machine; for example, to provide personalised services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across our websites. 

Accuracy of Personal Data 

Where necessary and possible, we will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, we are able to validate the data provided against pre-existing data held by the Company. In some cases, the Company is required to see original documentation before we may use the personal data such as with Personal Identifiers and/or proof of address. 

Storage and Retention of Personal Data 

Company will endeavor to take all reasonable steps to keep secure any personal information recorded, and to keep this information accurate and up to date. The information is stored on secure servers if in digital format, or in locked areas if in hardcopy format: these repositories are protected in controlled facilities. In some cases, these facilities may be overseas. Company employees and data processors are obliged to respect the confidentiality of any personal information held by Company. However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. Company will not be held responsible for events arising from unauthorized access to personal information. 

Disclosure of Personal Data 

All personal data held by the Company will be kept confidential, but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties: 

Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company; 

Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided; 

Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information; and 

Any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. 

Personal data may also be disclosed to any person or persons that have a right under Malaysian law to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain customer information, then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders. 

Transfer of Personal Data Outside of Malaysia 

At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of Malaysia in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done so in accordance with Company policy, and local legislation such as the Personal Data Protection Act 2010. 

Security of Personal Data 

Physical records containing personal data are securely stored in locked areas and/or containers when not in use. Computer data are stored on computer systems and storage media to which access is controlled and/or are located within restricted areas. 

Access and Correction of Personal Data 

Individuals have the right to: 

Check whether the Company holds any personal data relating to them and, if so, obtain copies of such data; 

Require the Company to correct any personal data relating to them which is inaccurate for the purpose for which it is being used. 

Direct Marketing 

The Company will honor an individual’s request not to use his or her personal data for the purposes of direct marketing. Any such request should clearly state details of the personal data in respect of which the request is being made. Specifically, we request that you include the corresponding Company assigned account numbers which are printed on the Company’s statements/invoices. Please also state clearly the authority under which you are authorized to make such a request. Unless otherwise instructed as per the above, the Company may use any of the data collected in the normal course of its business for marketing purposes. 

Links to other web sites 

Company may provide links to web sites outside of the Cetaphil site. These linked sites are not under the control of Company, and Company is not responsible for the conduct of companies linked to the Cetaphil web site, nor for the performance or otherwise of any content and/or software contained in such external websites. 

Change Policy 

Company reserves the right to alter any of the clauses contained herein in compliance with local legislation, to meet its global policy requirements, and for any other purpose deemed necessary by the Company. All inquiries on data protection should be directed to